"use strict";(()=>{function y(...p){(window.debugging==="all"||window.debugging?.includes("login"))&&console.debug("login:",...p)}(function(p){let d;try{d=window.localStorage,window.localStorage.removeItem("url-root"),window.localStorage.removeItem("standard-login")}catch(e){d=window.sessionStorage,p.warn(String(e))}let H=d.getItem("shell:style")||"auto";window.matchMedia&&window.matchMedia("(prefers-color-scheme: dark)").matches&&H==="auto"||H==="dark"?document.documentElement.classList.add("pf-v6-theme-dark"):document.documentElement.classList.remove("pf-v6-theme-dark"),window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change",e=>{e.matches&&H==="auto"||H==="dark"?document.documentElement.classList.add("pf-v6-theme-dark"):document.documentElement.classList.remove("pf-v6-theme-dark")});let h,s=window.environment||{},m=s.OAuth||null;m&&(m.TokenParam||(m.TokenParam="access_token"),m.ErrorParam||(m.ErrorParam="error_description"));let ie=/\$\{([^}]+)\}|\$([a-zA-Z0-9_]+)/g;function x(e){let o=Array.prototype.slice.call(arguments,1);return e.replace(ie,function(n,t,i){return o[t||i]||""})}function J(e){if(window.cockpit_po){let o=window.cockpit_po[e];if(o&&o[1])return o[1]}return e}function ae(){if(!document.querySelectorAll)return;let e=document.querySelectorAll("[translate]");for(let o=0;o<e.length;o++)e[o].textContent=J(e[o].textContent)}let l=J,_,v,U,I,le=/[?&]?([^=]+)=([^&]*)/g,S=null;function M(e){e=e.split("+").join(" ");let o={};for(;;){let n=le.exec(e);if(!n)break;o[decodeURIComponent(n[1])]=decodeURIComponent(n[2])}return o}p||(p=function(){});function r(e){return document.getElementById(e)}function W(e){return e.replace(/^.*@/,"").replace(/(?<!:):[0-9]+$/,"").replace(/^\[/,"").replace(/\]$/,"")}function w(e,o){typeof e=="string"&&(e=[e]);for(let n=0;n<e.length;n++)if(typeof e[n]=="string"){let t=document.querySelectorAll(e[n]);t&&t.forEach(function(i){i.hidden!==!!o&&(i.hidden=!!o)})}else e[n].hidden!==!!o&&(e[n].hidden=!!o)}function u(){w(arguments,!1)}function g(){w(arguments,!0)}function se(e){window.console&&p.warn("stderr:",e),g("#login-wait-validating"),g("#login","#login-details"),u("#login-fatal"),r("login-again").onclick=()=>{g("#login-fatal"),O()},u("#login-again");let o=r("login-fatal-message");o.textContent="",o.appendChild(document.createTextNode(e))}function k(e){window.console&&p.warn("fatal:",e),g("#login-again","#login-wait-validating"),S&&(r("login-again").href=S,u("#login-again")),g("#login","#login-details"),u("#login-fatal");let o=r("login-fatal-message");o.textContent="",o.appendChild(document.createTextNode(e))}function A(e,o){let n=r(e),t=n&&window.getComputedStyle?window.getComputedStyle(n,":before"):null;if(!t)return;let i=t.content;if(i&&i!="none"&&i!="normal"){let a=i.length;(i[0]==='"'||i[0]==="'")&&a>2&&i[a-1]===i[0]&&(i=i.substring(1,a-1)),n.innerHTML=i||o}else n.removeAttribute("class")}function ce(){function e(a){a?(u("#login","#login-details","#login-override"),g("#get-out-link"),r("login-override-content").appendChild(r("login")),r("login-button").classList.add("pf-m-warning"),document.querySelector("#login .login-actions").insertAdjacentHTML("beforebegin","<div class='pf-v6-c-helper-text pf-m-warning' id='bypass-warning'>"+l("Cockpit might not render correctly in your browser")+"</div>")):g("#login","#login-details","#login-override")}function o(a,b){a==="supports"&&(a="@supports API");let T=x(l("This web browser is too old to run the Web Console (missing $0)"),a);window.console&&p.warn(T),r("login-error-message").textContent=T,u("#unsupported-browser","#error-group"),document.body.classList.add("unsupported-browser"),e(b)}function n(a,b){let T;try{T=b&&b[a]}catch(we){throw k(x(l("The web browser configuration prevents Cockpit from running (inaccessible $0)"),a)),we}return T===void 0?(o(a),!1):!0}function t(){let a=[].join.call(arguments,": ");return!window.CSS||!window.CSS.supports.apply(this,arguments)?(o(a,"bypass"),!1):!0}return n("WebSocket",window)&&n("XMLHttpRequest",window)&&n("sessionStorage",window)&&n("JSON",window)&&n("defineProperty",Object)&&n("console",window)&&n("pushState",window.history)&&n("textContent",document)&&n("replaceAll",String.prototype)&&n("finally",Promise.prototype)&&n("supports",window.CSS)?(t("display","flex")&&t("display","grid")&&t("selector(test)")&&t("selector(:is(*):where(*))"),!0):!1}function D(e){return e.replace(/^\s+|\s+$/g,"")}function F(e){let o=document.createElement("a"),n=document.baseURI;e=e||"/",o.href=n,o.pathname!="/"&&(h=o.pathname.replace(/^\/+|\/+$/g,""),d.setItem("url-root",h),h&&e.indexOf("/"+h)===0&&(e=e.replace("/"+h,"")||"/")),e.indexOf("/=")===0?(s.hostname=e.substring(2).split("/")[0],r("server-field").value=s.hostname,L(null,!0),e="/cockpit+"+e.split("/")[1]):e.indexOf("/cockpit/")!==0&&e.indexOf("/cockpit+")!==0&&(e="/cockpit"),v=e.split("/")[1],_="/"+v+"/login",h&&(_="/"+h+_),I=v,U=_}function L(e,o){e&&e.type==="keypress"&&e.key!==" "||(e&&e.type==="click"&&e.preventDefault(),o===void 0&&(o=r("server-group").hidden),w("#server-group",!o),r("option-group").setAttribute("data-state",o))}function de(e){let o=r("login-password-input");o.setAttribute("type",o.getAttribute("type")==="password"?"text":"password"),e.stopPropagation()}function ge(){let e=s.logged_into||[],o=e.length>0?e[0]:null;function n(){N(o==="."?"/":"/="+o)}o&&!s.page.allow_multihost&&n()}function pe(){window.onload=null,ae(),window.cockpit_po&&window.cockpit_po[""]&&(document.documentElement.lang=window.cockpit_po[""].language,window.cockpit_po[""]["language-direction"]&&(document.documentElement.dir=window.cockpit_po[""]["language-direction"])),ge(),F(window.location.pathname),(window.location.pathname.indexOf("/"+h+"/cockpit/")===0||window.location.pathname.indexOf("/"+h+"/cockpit+")===0)&&document.documentElement.setAttribute("class","inline");let e=s.page.title;if(s.is_cockpit_client&&(e=l("Login")),(!e||v.indexOf("cockpit+=")===0)&&(e=s.hostname),document.title=e,v.indexOf("cockpit+=")===0?g("#brand","#badge"):(A("badge",""),A("brand","Cockpit")),!ce())return;s.banner&&(u("#banner"),r("banner-message").textContent=s.banner.trimEnd()),r("bypass-browser-check").addEventListener("click",L),r("bypass-browser-check").addEventListener("keypress",L),r("show-other-login-options").addEventListener("click",L),r("show-other-login-options").addEventListener("keypress",L),r("server-clear").addEventListener("click",function(){let t=r("server-field");t.value="",t.focus()});let o=window.sessionStorage.getItem("logout-intent")=="explicit";o&&window.sessionStorage.removeItem("logout-intent");let n=window.sessionStorage.getItem("logout-reason");n&&window.sessionStorage.removeItem("logout-reason"),m?(g("#login-details","#login"),o?(j(),r("login-again").textContent=l("Login again"),k(l("Logout successful"))):fe()):o?O(n):G()?O():ue()}function ue(){let e=new XMLHttpRequest;e.open("GET",_,!0),e.onreadystatechange=function(){e.readyState==4&&(e.status==200?$(JSON.parse(e.responseText)):e.status==401?O():e.statusText?k(decodeURIComponent(e.statusText)):e.status===0?O():k(x(l("$0 error"),e.status)))},e.send()}function j(){let e=window.location.href.split("#",2);S=m.URL,m.URL.indexOf("?")>-1?S+="&":S+="?",S+="redirect_uri="+encodeURIComponent(e[0])}function fe(){let e=document.createElement("a");if(!m.URL)return k(l("Cockpit authentication is configured incorrectly."));let o=!window.location.search&&window.location.hash?M(window.location.hash.slice(1)):M(window.location.search);if(j(),o[m.TokenParam]){window.sessionStorage.getItem("login-wanted")&&(e.href=window.sessionStorage.getItem("login-wanted"),F(e.pathname));let n=o[m.TokenParam];u("#login-wait-validating");let t=new XMLHttpRequest;t.open("GET",_,!0),t.setRequestHeader("Authorization","Bearer "+n),t.onreadystatechange=function(){if(t.readyState==4)if(t.status==200)$(JSON.parse(t.responseText));else{let i=te(t.getResponseHeader("WWW-Authenticate"),t.responseText);i?ee(i):k(decodeURIComponent(t.statusText))}},t.send()}else o[m.ErrorParam]?k(o[m.ErrorParam]):(window.sessionStorage.setItem("login-wanted",window.location.href),window.location=S)}function B(){g("#error-group"),r("login-error-message").textContent=""}function X(){g("#info-group"),r("login-info-message").textContent=""}function f(e,o,n){B(),e&&(m?k(e):(R(n||"login"),r("login-error-title").textContent=e,r("login-error-message").textContent=o,w("#error-group .pf-v6-c-alert__description",!o),u("#error-group")))}function be(e){X(),e&&(r("login-info-message").textContent=e,u("#info-group"))}function q(e,o){c?(B(),r("login-error-title").textContent=e,r("login-error-message").textContent=o,w("#error-group .pf-v6-c-alert__description",!o),u("#error-group"),L(null,!0),R("login")):f(o)}function me(e){let o=r("login-note");e?(u(o),o.textContent=e):o.innerHTML=" "}function G(){return s.page.require_host&&I.indexOf("cockpit+=")===-1}function V(){let e=[];try{e=JSON.parse(d.getItem("cockpit-client-sessions")||"[]")}catch(o){p.log("Failed to parse 'cockpit-client-sessions':",o)}return e}let c=null,z=null,C=null;function E(){f(null),c=r("server-field").value,z=null;let e=D(r("login-user-input").value);if(e===""&&!s.is_cockpit_client)f(l("User name cannot be empty"));else if(G()&&c==="")f(l("Please specify the host to connect to"));else{c?(v="cockpit+="+c,_=U.replace("/"+I+"/","/"+v+"/"),r("brand").style.display="none",r("badge").style.visibility="hidden"):(v=I,_=U,A("badge",""),A("brand","Cockpit")),r("server-name").textContent=c||s.hostname,r("login-button").removeEventListener("click",E);let o=r("login-password-input").value,n="superuser:"+e+(c?":"+c:""),t=d.getItem(n)||"none";d.setItem("superuser-key",n),d.setItem(n,t),d.setItem("standard-login",!0);let i="";if(c)if(C==c)y("call_login(): previous login attempt into",c,"failed due to changed key");else{let b=Z(c);b?(y("call_login(): sending known_host key",b,"for logging into",c),i=b):y("call_login(): no known_hosts entry for logging into",c)}let a={Authorization:"Basic "+window.btoa(oe(e+":"+o+"\0"+i)),"X-Superuser":t};c&&(a["X-SSH-Connect-Unknown-Hosts"]="yes"),ne("GET",a,!1)}}function Q(){let e=V(),o=r("recent-hosts-list");o.innerHTML="",e.forEach(n=>{let t=document.createElement("div");t.classList.add("host-line");let i=document.createElement("button");i.textContent=n,i.classList.add("pf-v6-c-button","pf-m-tertiary","host-name"),i.addEventListener("click",()=>{r("server-field").value=n,E()});let a=document.createElement("button");a.title=l("Remove host"),a.ariaLabel=a.title,a.classList.add("host-remove"),a.addEventListener("click",()=>{let b=e.indexOf(n);e.splice(b,1),d.setItem("cockpit-client-sessions",JSON.stringify(e)),Q()}),t.append(i,a),o.append(t)}),w("#recent-hosts",e.length==0)}function R(e){let o=s.page.connect,n=r("option-group").getAttribute("data-state");if(g("#login-wait-validating"),u("#login"),w("#login-details",s.is_cockpit_client),w("#server-field-label",s.is_cockpit_client),s.is_cockpit_client){let t=r("brand");t.textContent=l("Connect to:"),t.classList.add("text-brand")}w(["#user-group","#password-group"],e!="login"||s.is_cockpit_client),w("#conversation-group",e!="conversation"),w("#hostkey-group",e!="hostkey"),r("login-button-text").textContent=e=="hostkey"?l("Accept key and log in"):l("Log in"),e!="login"&&(r("login-password-input").value=""),s.page.require_host?(g("#option-group"),n=!0):w("#option-group",!o||e!="login"),!o||e!="login"?g("#server-group"):w("#server-group",!n),r("login-button").removeAttribute("disabled"),r("login-button").removeAttribute("spinning"),r("login-button").classList.remove("pf-m-danger"),r("login-button").classList.add("pf-m-primary"),g("#get-out-link"),e=="login"&&r("login-button").addEventListener("click",E),s.is_cockpit_client&&(Q(),document.body.classList.add("cockpit-client"))}function O(e){be(e),r("server-name").textContent=document.title,me(l("Log in with your server user account.")),r("login-user-input").addEventListener("keydown",function(n){f(null),X(),n.which==13&&r("login-password-input").focus()},!1);let o=function(n){f(null),n.which==13&&E()};r("login-password-input").addEventListener("keydown",o),r("login-password-toggle").addEventListener("click",de),R("login"),s.is_cockpit_client?s.page.require_host&&r("server-field").focus():r("login-user-input").focus()}function Y(){try{return JSON.parse(d.getItem("known_hosts")||"{ }")}catch(e){return p.warn("Can't parse known_hosts database in localStorage",e),{}}}function Z(e){return Y()[W(e)]}function K(e,o){try{let n=Y();n[W(e)]=o,d.setItem("known_hosts",JSON.stringify(n))}catch(n){p.warn("Can't write known_hosts database to localStorage",n)}}function he(e){let o=e["host-key"],n=o.split(" ")[0],t=o.split(" ")[1],i=Z(n);i?(y("do_hostkey_verification: received key fingerprint",e.default,"for host",n,"does not match key in known_hosts database:",i,"; treating as changed"),r("hostkey-title").textContent=x(l("$0 key changed"),c),u("#hostkey-warning-group"),r("hostkey-message-1").textContent=""):(y("do_hostkey_verification: received key fingerprint",e.default,"for host",n,"not in known_hosts database; treating as new host"),r("hostkey-title").textContent=l("New host"),g("#hostkey-warning-group"),r("hostkey-message-1").textContent=x(l("You are connecting to $0 for the first time."),c)),r("hostkey-verify-help-1").textContent=x(l("To verify a fingerprint, run the following on $0 while physically sitting at the machine or through a trusted network:"),c),r("hostkey-verify-help-cmds").textContent=x("ssh-keyscan$0 localhost | ssh-keygen -lf -",t?" -t "+t:""),r("hostkey-fingerprint").textContent=e.default,t?(r("hostkey-type").textContent=x("($0)",t),u("#hostkey-type")):g("#hostkey-type"),f("");function a(){r("login-button").removeEventListener("click",a),f(null,null,"hostkey"),o.endsWith(" login-data")?(z=n,y("call_converse(): got placeholder host keyfor",z,", deferring db update"),re(e.id,e.default)):(p.error("login: got unexpected host key prompt, expecting login-data placeholder:",o),k(l("Internal protocol error")))}r("login-button").addEventListener("click",a),R("hostkey"),u("#get-out-link"),i&&(r("login-button").classList.add("pf-m-danger"),r("login-button").classList.remove("pf-m-primary"))}function ee(e){if(e["host-key"]){he(e);return}let o=e.echo?"text":"password";r("conversation-prompt").textContent=e.prompt;let n=r("conversation-message"),t=e.error||e.message;t?(n.textContent=t,u(n)):g(n);let i=r("conversation-input");i.value="",e.default&&(i.value=e.default),i.setAttribute("type",o),f("");function a(){r("conversation-input").removeEventListener("keydown",b),r("login-button").removeEventListener("click",a),f(null,null,"conversation"),re(e.id,r("conversation-input").value)}function b(T){f(null,null,"conversation"),T.which==13&&a()}r("conversation-input").addEventListener("keydown",b),r("login-button").addEventListener("click",a),R("conversation"),i.focus()}function oe(e){return window.unescape(encodeURIComponent(e))}function te(e,o){if(!e)return null;let n=e.split(" ");if(n[0].toLowerCase()!=="x-conversation"&&n.length!=3)return null;let t=n[1],i;try{i=window.atob(n[2])}catch(b){return window.console&&p.error("Invalid prompt data",b),null}let a;try{a=JSON.parse(o)}catch(b){window.console&&p.log("Got invalid JSON response for prompt data",b),a={}}return a.id=t,a.prompt=i,a}function ne(e,o,n){y("send_login_request():",e,"headers:",JSON.stringify(o)),r("login-button").setAttribute("disabled","true"),r("login-button").setAttribute("spinning","true");let t=new XMLHttpRequest;t.open(e,_,!0);for(let i in o)t.setRequestHeader(i,o[i]);t.onreadystatechange=function(){if(t.readyState==4)if(t.status==200){let i=JSON.parse(t.responseText);$(i)}else if(t.status==401){y("send_login_request():",e,"got 401, status:",t.statusText,"; response:",t.responseText);let i=t.getResponseHeader("WWW-Authenticate");if(i&&i.toLowerCase().indexOf("x-conversation")===0){let a=te(i,t.responseText);a?ee(a):k(l("Internal error: Invalid challenge header"))}else{if(window.console&&p.log(t.statusText),C)try{let a=JSON.parse(t.responseText)["known-hosts"];a?(y("send_login_request(): got updated known-hosts for changed host keys of",C,":",a),K(C,a),C=null):y("send_login_request():",C,"changed key, but did not get an updated key from response")}catch(a){p.error("Failed to parse response text as JSON:",t.responseText,":",JSON.stringify(a))}if(t.statusText.startsWith("captured-stderr:"))se(decodeURIComponent(t.statusText.replace(/^captured-stderr:/,"")));else if(t.statusText.indexOf("authentication-not-supported")>-1){let a=D(r("login-user-input").value);k(x(l("The server refused to authenticate '$0' using password authentication, and no other supported authentication methods are available."),a))}else t.statusText.indexOf("terminated")>-1?f(l("Authentication failed"),l("Server closed connection")):t.statusText.indexOf("no-host")>-1?q(l("Unable to connect to that address")):t.statusText.indexOf("unknown-hostkey")>-1?q(l("Refusing to connect"),l("Hostkey is unknown")):t.statusText.indexOf("unknown-host")>-1?q(l("Refusing to connect"),l("Host is unknown")):t.statusText.indexOf("invalid-hostkey")>-1?C===null?(y("send_login_request(): invalid-hostkey, trying again to let the user confirm"),C=c,E()):(y("send_login_request(): invalid-hostkey, and already retried, giving up"),q(l("Refusing to connect"),l("Hostkey does not match"))):n?f(l("Authentication failed")):f(l("Authentication failed"),l("Wrong user name or password"))}}else if(t.status==403){let i=decodeURIComponent(t.statusText).trim();f(l("Permission denied"),i==="Permission denied"?"":i)}else if(t.status==500&&t.statusText.indexOf("no-cockpit")>-1){let i=x(l("Install the cockpit-system package (and optionally other cockpit packages) on $0 to enable web console access."),c||"localhost");f(l("Packageless session unavailable"),i)}else t.status==500&&t.statusText.indexOf("unsupported-shell")>-1?f(l("Authentication failed"),l("Unsupported shell. Check the journal for details.")):t.statusText?k(decodeURIComponent(t.statusText)):k(x(l("$0 error"),t.status))},t.send()}function re(e,o){let n={Authorization:"X-Conversation "+e+" "+window.btoa(oe(o))};ne("GET",n,!0)}function N(e){let o=window.setTimeout(function(){o=null,window.location.reload(!0)},100);e&&e!=window.location.href&&(window.location=e),window.onbeforeunload=function(){o&&window.clearTimeout(o),o=null}}function P(e,o,n){let t=0;for(;t<e.length;){let i=e.key(t);n&&i.indexOf("cockpit")!==0||i.indexOf(o)===0?e.removeItem(i):t++}}function ve(e){if(P(window.sessionStorage,v,!0),d.removeItem("login-data"),P(d,v,!1),e&&e["login-data"]){let n=JSON.stringify(e["login-data"]);if(d.setItem(v+"login-data",n),d.setItem("login-data",n),z){let t=e["login-data"]["known-hosts"];t?(y("setup_localstorage(): updating known_hosts database for deferred host key for",z,":",t),K(z,t)):p.error("login.js internal error: setup_localstorage() received a pending login-data host, but login-data does not contain known-hosts")}}h&&d.setItem("url-root",h);let o=s.CACertUrl;o&&window.sessionStorage.setItem("CACertUrl",o)}function $(e){let o=window.sessionStorage.getItem("login-wanted"),n=r("server-field").value;if(n&&s.is_cockpit_client){let t=V();t.indexOf(n)<0&&(t.push(n),d.setItem("cockpit-client-sessions",JSON.stringify(t)))}n&&v!=I&&(o="/="+n,h&&(o="/"+h+o)),P(window.sessionStorage,v,!1),ve(e),N(o)}window.onload=pe})(window.console);})();